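<?php
	/*
	 * Build the relative prefix ("../" repeated) that the include() calls in
	 * this file put in front of 'mvz-config/system/...'. The number of "../"
	 * is derived from the depth of the requested URL.
	 */
	$uri = $_SERVER['REQUEST_URI'];
	$uri_var = explode('/', $uri);
	
	// REQUEST_URI is client-controlled and still carries the query string.
	// Count the segments of the path part only, so "/" characters inside the
	// query string can no longer change how many "../" end up in the include
	// paths (which made the includes miss their files).
	$uri_path = $uri;
	$query_pos = strpos($uri_path, '?');
	if($query_pos !== false)
	{
		$uri_path = substr($uri_path, 0, $query_pos);
	}
	
	$count = count(explode('/', $uri_path));
	
	// NOTE(review): extra path segments after the script name would still
	// inflate the depth, and the files are pulled in with include(), which only
	// warns when a file is missing. Anchoring the paths to __DIR__ and using
	// require would remove the dependency on the request; the directory layout
	// is not visible here, so that change is left to the maintainer.
	$dot = str_repeat("../", max(0, $count - 2));
?>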
<?php include($dot.'mvz-config/system/begin.php'); ?>
<?php include($dot.'mvz-config/system/session_start.php'); ?>
<?php include($dot.'mvz-config/system/session.php'); ?>
<?php
	/* Start Process */
	
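	// Redirect target for the "back to the form" redirects issued below.
	// The Referer header is supplied by the client and may be absent, so it is
	// read defensively and reduced to a local path: the scheme and host are
	// dropped so the Location header can never point at another site.
	$http_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
	$referer = explode("?",$http_referer);
	
	$referer_path = parse_url($referer[0], PHP_URL_PATH);
	if(!is_string($referer_path) || $referer_path == "")
	{
		// No usable Referer: fall back to the site root.
		// NOTE(review): adjust if the application is not served from "/".
		$referer_path = "/";
	}
	
	// Collapse leading slashes/backslashes so the value cannot be read by a
	// browser as a protocol-relative URL ("//host/...").
	$url_referer = "/".ltrim($referer_path, "/\\");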
	
	// Module / process metadata posted with the form. Each value is trimmed and
	// passed through sql_quote() (defined outside this file), or defaults to ""
	// when the field is missing. Apart from $type, none of these is read in the
	// visible part of this file; presumably the included code or the log helper
	// consumes them as globals -- confirm before removing any.
	$modid       = isset($_POST['process_module_id'])       ? sql_quote(trim($_POST['process_module_id']))       : "";
	$modname     = isset($_POST['process_module_name'])     ? sql_quote(trim($_POST['process_module_name']))     : "";
	$modsubid    = isset($_POST['process_module_sub_id'])   ? sql_quote(trim($_POST['process_module_sub_id']))   : "";
	$modcategory = isset($_POST['process_module_category']) ? sql_quote(trim($_POST['process_module_category'])) : "";
	$type        = isset($_POST['process_type'])            ? sql_quote(trim($_POST['process_type']))            : "";
	$user        = isset($_POST['process_userin'])          ? sql_quote(trim($_POST['process_userin']))          : "";
	$usrgrp      = isset($_POST['process_usergroup'])       ? sql_quote(trim($_POST['process_usergroup']))       : "";
	$date        = isset($_POST['process_datein'])          ? sql_quote(trim($_POST['process_datein']))          : "";
	
	// Old, new and confirmation passwords.
	// NOTE(review): these go through trim() and sql_quote() before they are
	// hashed further down, so the hash is taken over the transformed value;
	// the login code presumably does the same -- keep the two consistent.
	$np_old   = isset($_POST['txt_new_password_old'])   ? sql_quote(trim($_POST['txt_new_password_old']))   : "";
	$np_new   = isset($_POST['txt_new_password_new'])   ? sql_quote(trim($_POST['txt_new_password_new']))   : "";
	$np_new_c = isset($_POST['txt_new_password_new_c']) ? sql_quote(trim($_POST['txt_new_password_new_c'])) : "";
	
	// Username as posted by the form; the queries below additionally pin the
	// row to the user id and group id held in the session.
	$np_username = isset($_POST['txt_new_password_username']) ? sql_quote(trim($_POST['txt_new_password_username'])) : "";
	
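	/*
	 * Change-password handler.
	 *
	 * Validates the posted old/new/confirm passwords, checks the old password
	 * against ms_user for the user held in the session, updates the stored
	 * hash, records the outcome through addLogByUsername()/setSessionMsg() and
	 * redirects back to $url_referer.
	 *
	 * NOTE(review): no anti-CSRF token is checked in this file; the old
	 * password requirement limits the impact, but confirm whether the included
	 * session code validates one.
	 * NOTE(review): the mysql_* extension used here was removed in PHP 7;
	 * moving to mysqli/PDO with prepared statements is the durable fix for the
	 * string-built queries below.
	 */
	$isValid = false;
	
	if($np_old == "" || $np_new == "" || $np_new_c == "")
	{
		// At least one field is empty: tell the user which one(s).
		$string_msg = "Please input ";
		if($np_old == ""){$string_msg .= "Old. ";}
		if($np_new == ""){$string_msg .= "New. ";}
		if($np_new_c == ""){$string_msg .= "Confirm New. ";}
		$string_msg .= "Password.";
		
		setSessionErr();
		setSessionMsg($string_msg);
		header("Location: ".$url_referer);
	}
	else
	{
		// Strict comparison: with == two numeric-looking strings such as
		// "1e3" and "1000" compare equal, so a mistyped confirmation could
		// pass and set a password the user did not intend.
		if($np_new === $np_new_c)
		{
			$isValid = true;
		}
		
		if($isValid)
		{
			if($type == "PASSWORD")
			{
				// The session ids are interpolated unquoted into the SQL, so
				// force them to integers before they reach the query text.
				$session_userid = (int)$_SESSION['userid'];
				$session_usergroupid = (int)$_SESSION['usergroupid'];
				
				// NOTE(review): unsalted MD5 is not suitable for password
				// storage. Switching to password_hash()/password_verify() needs
				// a matching change in the login code and the column size, both
				// outside this file, so the existing scheme is kept here.
				$old_hash = md5($np_old);
				$new_hash = md5($np_new);
				
				// Row selector shared by the check and the update: the active
				// session user, with the posted username and the old password.
				// $np_username relies on sql_quote() to be safe inside the
				// quoted literal -- confirm it escapes for the live connection.
				$where = " where stsrc = 'A'
							and userid = ".$session_userid."
							and usergroupid = ".$session_usergroupid."
							and username = '".$np_username."'
							and password = '".$old_hash."'
							and userstatus = 1
						";
				
				$sql = "select * from ms_user".$where;
				$exe = mysql_query($sql);
				if($exe === false)
				{
					// Keep the driver error in the server log; do not print
					// it to the client.
					error_log("change password: select failed: ".mysql_error());
					die("Database error");
				}
				$num = mysql_num_rows($exe);
				
				if($num > 0)
				{
					// Old password matched; the update repeats the same
					// selector so it only applies while that still holds.
					$sql = " update ms_user ";
					$sql .= " set 	password = '".$new_hash."',
									userup = '".$session_userid."',
									dateup = '".GET_DATE."'
							";
					$sql .= $where;
					
					$exe = mysql_query($sql);
					if($exe === false)
					{
						error_log("change password: update failed: ".mysql_error());
						die("Database error");
					}
					$aff = mysql_affected_rows();
					
					if($aff > 0)
					{
						$string_log = "Edit Password for username ".$np_username." ";
						$string_msg = "Password for username ".$np_username." has been succesfully changed";
					}
					else
					{
						// The row matched but nothing was changed.
						setSessionErr();
						$string_log = "Error : Change Password";
						$string_msg = "Error : 0 Row Affected";
					}
				}
				else
				{
					// No row for this user with the supplied old password.
					setSessionErr();
					$string_log = "Failed : Change Password";
					$string_msg = "Wrong Password";
				}
			}
			else
			{
				// process_type was not "PASSWORD".
				setSessionErr();
				$string_log = "Error : Change Password";
				$string_msg = "Error : Type";
			}
		}
		else
		{
			// New password and confirmation differ.
			setSessionErr();
			$string_log = "Access Denied : Change Password";
			$string_msg = "New Password is not same";
		}
		
		// Every outcome of this branch is logged and reported to the user.
		addLogByUsername($string_log);
		setSessionMsg($string_msg);
		header("Location: ".$url_referer);
	}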
	
	/* End Process */
?>
<?php include($dot.'mvz-config/system/end.php'); ?>